Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE][PATCH] datafiles.lua

From: jah <jah () zadkiel plus com>
Date: Thu, 11 Sep 2008 05:02:04 +0100
On 10/09/2008 09:50, Sven Klemm wrote:

Ah I didn't think of that case. I've modified the patch to handle this
situation by checking for value being a table. If value is a table
then anything supplied as index will be used literally.

I don't see { ["hello"] = "nmap" } as problem if a script author wants
a file parsed that way he should get it. I am currently using
{["^[a-f0-9]+"]=""} in my SSH weak key script. I could easily modify
it to make it work with the current version but I thought the check
was too constraining. I am using an empty string as value because I am
only interested in a hash table with strings as key for easy checking
whether a key is in the file.

{ ["^([a-f0-9]+)"] = "" } (note the capture) would have worked in your
SSH weak key script, but I think you're right that the user should have
it their way, even if, like the examples we've discussed, the data
returned is garbage.  And of course, there may be legitimate uses for
matching with plain strings which I hadn't considered before.

So I've tested the code with your patch and fixed some bugs and a couple
of typo's, most of which were present from the start:
not returning services in the same fashion as parse_services(protocol) did;
bad logic prevented parse_file( filename, { } ) from returning an array
of lines where filename was one of Nmap's data files (as it does for
other files);
creating a table key with a value of nil when the pattern for the key
matches, but the pattern for the value doesn't - this was made most
obvious by the recent changes as it prevented them returning the correct
data and;
a few minor details.

The attached contains two patches.
datafiles.patch will patch the svn version when patched with your patch
at [1].
combined.patch will patch the svn version and combines the two patches.


Regards,

jah


[1] - http://seclists.org/nmap-dev/2008/q3/0791.html

Attachment: datafiles.tar.gz
Description: 


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: